top of page

Bluebell Financial Management
Privacy Policy

1. Introduction


This is the Privacy Policy for Bluebell Financial Management.


At Bluebell Financial Management we take our obligations in respect of data privacy seriously and recognise that it is important for you to understand how we make use of personal data.


Please read this privacy policy carefully as it contains important information about how we use personal data that you provide to us or we collect from you when operating our business, for example, when you visit the Bluebell Financial Management website (this/our “Site“).


It also explains the ways in which we will protect your personal data and sets out your rights in respect of personal data that we process about you.


2. Who we are


For the purpose of applicable data protection laws, the “data controller” (in other words, the organisation that determines how and for what purposes your personal data is used) will be the Bluebell Financial Management entity which you have engaged to provide services to you, and which you have provided your personal data to.


This privacy policy details how we process personal data of which we are the data controller.

3. Personal data we may collect from you and how we collect it


Personal data you provide to us directly


You may provide personal data to us in a number of ways, including:

  • visiting and browsing our Site;

  • registering an account with Bluebell Financial Management for our services;

  • completing our “contact us” form on our Site or otherwise enquiring about our services;

  • engaging with us over the telephone or virtually (in some instances we will record phone or video calls with you);

  • having an initial ‘pre-client’ meeting with us to help us understand your requirements;

  • subscribing to receive any of our publications or other marketing communications;

  • mentioning or interacting with us on social media (for example by following / mentioning / tagging us or by contacting us directly);

  • you attend one of our events;

  • providing us with feedback about the services we provide; or

  • entering into a contract with us and engaging with our services.

What type of data might be included?


The personal data you give us may include but is not limited to:

  • your name;

  • e-mail address;

  • date of birth;

  • details of income;

  • phone number (including mobile number);

  • employment history;

  • details of family members or beneficiaries;

  • job role;

  • pension, investment and other financial details, including your plans for the future;

  • health data (for specific services);

  • your social media handle and the contents of your post (where you have tagged us or contacted us directly);

  • any other information that you provide to us in our provision of services to you; and

  • thoughts about our services (including feedback, survey responses, complaints and reviews).


Personal data we collect or generate about you


When you visit our Site we may collect, generate, store and use certain personal data about you. In some cases we will use cookies to do this, for further information about the cookies we use and how to opt out of such cookies please see our Cookie Policy.

We may also collect personal data about you if you visit our offices.


The personal data we collect about you may include but is not limited to:

  • technical information including: the internet protocol (IP) address used to connect your computer to the internet; your login information (if registering or accessing an account with us); browser type and version; time zone setting; browser plug-in types and versions; device types; operating system; time and date of consent and platform; and any phone number used to call our client service number; and


  • information about your visit to our Site including: the full Uniform Resource Locators (URL); clickstream to, through and from our Site (including date and time); products you viewed, searched for or purchased; page response times; download errors; length of visits to certain pages; page interaction information (such as scrolling, clicks, and mouse-overs); and methods used to browse our Site.

Personal data we receive from other sources

We may occasionally receive personal data about you from other sources, for example, a family member may provide us with your personal data in relation to the services that we are providing to them (for example, if you are a named beneficiary of a life assurance product).


We always ask that if you are providing us with the personal data of someone else (for example another family member) that you notify them in advance that their personal data is being shared with us to allow us to provide services to you and you are responsible for directing them to this privacy policy.


4. Why and how do we use your personal data and what is our “lawful basis” for doing so?

Whenever we process your personal data as a data controller, we are required to identify and maintain a valid “lawful basis” (i.e. a legally compliant justification) for the processing. Typically, we will rely on the fact that our processing of your personal data is necessary:

  • to perform our contract with you;

  • to comply with our legal obligations; and/or

  • for our legitimate business interests, namely to analyse the use of our Site and our services to continually improve your experience and our business.


To help you to understand specifically what we do with your personal data and why we do it, we have described the various relevant lawful bases that we rely on in the information below. Where we rely on our legitimate interests, we will always make sure that we assess these interests against your right to privacy before carrying out such processing and, if your rights outweigh our legitimate interests, we will not process your personal data for that purpose.

How and why we use your personal data -> What is our legal justification for processing your personal data​

To verify your identity (i.e. to confirm that you are who you say your are)


Due to the nature of our business we must process this data to fulfil our legal obligations.

To engage you as a client for the purposes of the relevant service which you instruct us for and to manage your account going forwards.

To provide you with guidance about your financial affairs and their administration.

To process payments to and from you and to maintain accounts and records of such payments.

We will have to process your personal data in these ways in order to perform our contractural obligation with you. Where you provide us with details of a third party (such as a family member) you are responsible for ensuring the third party is aware that their personal data is being shared and for directing them to this privacy policy.


To provide you with regular updates on topics relevant to the service we are providing, or to invite you to events at which the principal aim is to provide you with similar information.

To carry our market research or similar surveys.

To provide you with further information about Bluebell Financial Management, our other services and upcoming events.

To measure or understand the effectiveness of any marketing that we serve to you.


Unless we are contacting you in a business to business capacity, we will only use your personal data to send you electronic marketing messages if we have consent from you to do so.


Where we send to you in a professional capacity or otherwise to carry out research or analyse our advertising, we will rely on our legitimate interests to send these types of communication (our legitimate interest in marketing and advertising our services) and conduct such activities.


You can opt out from marketing communications by using the unsubscribe links within our marketing messages, or by contacting us at any time at the contact details set our below.


To use the comments and feedback that you provide to us (either directly or through Google) for our own advertising purposes.

We may use a review, comment or piece of feedback that you submit in our advertising campaigns, such as in press and digital advertising, on our social media pages, in our email marketing or on our Site.


We have legitimate interest to promote our own services and to use the reviews, comments and feedback that you provide to us to do so.

To find out more about the visitors to our Site and our client base as a whole (rather than about you as an individual) to ensure that the services that we offer are most likely to interest or Site visitors. Typically, the information collected is technical in nature and doesn’t tell us about you as an individual (see above). We may use cookies to do this.


We have a legitimate interest to make sure that we are providing you with the information that we think is most relevant to you. We will not place cookies other than ‘strictly necessary’ cookies on your device unless you have told us to do so. For information on how we use cookies, please see our Cookies Policy.

To notify you about changes to our services and terms and conditions.


We have to process your personal data in these ways to perform our contractual obligations to you. We might also rely on our legitimate interests as a business to send you these updates.


To prevent or detect crime, fraud or abuses of our services or our Site and to enable third parties to carry out technical, logistical, research or other functions on our behalf related to these purposes.


In some circumstances we will use your personal data because its necessary for us to comply with a legal obligation (for example, if we received a legitimate request from a law enforcement agency).


In other cases (such as the detection of theft, fraud or ensuring security of our Site) we will rely on our legitimate interests in keeping our employees and our Site (and such users of our Site) secure and to prevent theft and fraud.


For administrative or business purposes, where you contact us for a particular reason other than those set out above, such as to report problems with our Site.


We have a legitimate interest to respond to your contact for the purposes of administering our business and providing you with the services you require.


In some circumstances we will record telephone or virtual calls between you and us which may lead to us providing guidance or executing an instruction on your behalf. We may use these recordings, or transcripts of them to check your instructions, to improve our services, for training and quality purposes, to help us investigate a complaint or to comply with our legal obligations.


5. Special Category/Sensitive personal data


The personal data that you provide to us may include certain special categories of information that are treated in law as being particularly sensitive (e.g. information related to your health).

We may require you to provide this sensitive personal data in order to provide you with the services you require from us (e.g. we would not be able to provide you with assistance and guidance on an Attendance Allowance application without understanding your current medical needs and medical history which both need to be taken into consideration).


Wherever we process sensitive personal data we will, in accordance with legal obligations, ensure that such information is provided with additional safeguards to protect it.

6. What if you fail to provide personal data?

If for any reason you failed to provide personal data which we require we may not be able to provide you with the services that you require from us.


7. Change of purpose


We will only use your personal data for the purposes for which we collected it. If we need to use your personal data for a purpose other than that for which it was collected, we will prior to that further processing, provide you with information about the new purpose, we will explain our legal justification for doing so and we will provide you with any relevant further information. We may also issue a new privacy policy to you.


8. How we share your personal data


Third party suppliers and service providers involved in our contractual relationship with you

Like most businesses, we work with third-parties from time to time on your behalf. Some of these trusted third parties will process your personal data on our behalf and provide services to us to enable us to manage your account with them.

Some of these trusted suppliers will require you to enter into a contract with them directly. Please note that where you enter into a contract with a third party following a recommendation by Bluebell Financial Management (e.g. external care support services or private car hire), the third party will become the “data controller” of any information provided to them either by you or by us with your consent. Any personal data shared with that party will subsequently be processed in accordance with that third party’s privacy policy.

We maintain a list of the third-parties that we engage. A copy of this list is available upon request; if you would like a copy please email


We will always make sure that these trusted providers meet agreed standards for the protection of your personal data and they will only ever be allowed to use your personal data in order to provide us with services and not for their own commercial purposes. We require all third parties to take appropriate security measures to protect your personal data and to treat it subject to a duty of confidentiality and in accordance with applicable data protection law.


Other scenarios in which we might share your personal data


We may also share your personal data:

  • with regulatory, governmental or statutory bodies that we are required (either by law or regulation) to provide personal data to upon their request (including the Financial Conduct Authority, HMRC, and the Institute of Chartered Accountants in England and Wales);

  • third-party service providers who assist with our compliance with regulatory requirements, such as Anti-Money Laundering searches (for further information on these third parties, please contact us);

  • to protect the rights, property or safety of our employees, workers, contractors, clients, or others. This includes exchanging your personal data with other companies and organisations (including without limitation the local police or other local law enforcement agencies) for the purposes of our employee, worker, contractor and client safety, crime prevention, fraud protection and credit risk reduction.


9. How do we protect your personal data?


We take the security of your personal data very seriously and have put in place physical, technical, operational and administrative strategies, controls and measures to help protect your personal data from unauthorised access, use or disclosure as required by law and in accordance with accepted good industry practice. We will always keep these under review to make sure that the measures we have implemented remain appropriate.

In addition, we limit access to your personal data to those employees and other third parties who have a business need to know in order to perform their job duties and responsibilities. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.


10. How long do we keep your personal data?


We will retain your personal data for as long as we need it in connection with our relationship with you. There may also be circumstances where we need to retain your personal data for longer than our relationship with you, for example:

  • where we have a statutory or regulatory obligation to retain the information (we are required to keep certain information for specified minimum periods, and in some cases indefinitely, depending on the services we provide); or

  • to ensure our business is properly run in an efficient and compliant manner.

Personal data which is no longer to be retained will be securely and effectively destroyed or permanently erased from our IT systems and we will also require third parties to destroy or erase such personal data where applicable.

In some circumstances we may anonymise your personal data so that it can no longer be associated with you. In this case, we may retain such information for a longer period without further notice to you.

11. Your rights in relation to your personal data


It is important that the personal data we hold about you is accurate and up-to-date. Please keep us informed if your personal data changes so that our records can be updated. We cannot be held responsible for any errors in your personal data if this is caused by a failure by you to notify us of the relevant change.

Data protection law grants you a number of specific rights in respect of your data in addition to the broad and general right to have your data protected.  We have set out some information in respect of each of those specific rights, below:

  • Right to be informed about how your personal data will be processed. This enables you to receive information about how we use your personal data. We have set this information out in this Privacy Policy.

  • Request access to your personal data (commonly known as a “data subject access request“). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.

  • Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.

  • Request erasure of your personal data (commonly known as the “right to be forgotten“). This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have exercised your right to object to processing (see below).

  • Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal data for direct marketing purposes.

  • Request the restriction of processing of your personal data. This enables you to ask us to suspend the processing of personal data about you, for example if you want us to establish its accuracy or the reason for processing it.

  • Request the transfer of your personal data to another party.

  • Not to be subject to a decision solely based on automated processing. We do not anticipate making decisions about you based solely on automated decision making where that decision would have a significant impact on you. If we ever make a decision about you automatically by a computer or an algorithm without human intervention you can ask us to have that decision reviewed by a human.

If you want to exercise any of the rights set out above, please contact us (using the contact details set out below).

12. Cookies


As referenced above, our Site uses cookies to distinguish you from other users. This helps us to provide you with a good experience when you browse our Site and allows us to improve our Site and our services.

We may also place tracking cookies in our marketing emails as this helps us to improve our marketing activities – for example, these cookies allow us to see how many people open our emails, what time of day they open our emails and whether they click through on any of the information contained in the emails.


For information on how we use cookies, please see our Cookie Policy.


13. Third-party websites

Our Site may, from time to time, contain links to third-party websites. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for the ways in which personal data is processed on such websites. Please check the relevant policies before you submit any personal data to these websites.


14. Changes to this privacy policy


We reserve the right to update or amend this privacy policy at any time, including where we intend to further process your personal data for a purpose other than that for which the personal data was collected or where we intend to process new types of personal data. We will place any updates here on this page. This privacy policy was last updated on 20 January 2023.


15. Complaints


We encourage you to contact us first if you have any queries, comments or concerns about the way we handle your personal data (our details are in the section immediately below). We will try to put things right.

However, if you are not satisfied with our handling of any request by you in relation to your rights or concerns, you also have the right to make a complaint to the Information Commissioner’s Office (“ICO“). You can contact the ICO at: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, SK9 5AF; 0303 123 1113; or


16. Contact


If you have any questions about this privacy policy or how we handle your personal data, please contact us by sending us an email to

bottom of page